Posted to users@cloudstack.apache.org by motty cruz <mo...@gmail.com> on 2014/03/03 19:17:30 UTC

CS 4.2.1 VPN connection failed

Hello All,
I'm having issues with a site-to-site VPN connection on Cloudstack Advance
Network.

vpc-1 CIDR 10.99.0.0/16

vpc-tier-1 10.99.1.0/24

customer gateway match client settings,

in Virtual Router I see connections coming from client IP but no route
back.
If I log in to VR, I am able to ping client's IP. The outside firewall is not
filtering outgoing traffic, and incoming traffic from client's IP is allow
all.

any idea or suggestions?

Thanks,

Re: CS 4.2.1 VPN connection failed

Posted by motty cruz <mo...@gmail.com>.
Thanks Geoff,
the problem was in CS I had to create a VPC with /16 mask and once that was
created I created network with mask /24 - to connect to client I was using
/24 but once we used mask 16, connection was successful.

thanks for your help!
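
Added example, not part of the original posts and not CloudStack's own code: it parses VR log lines in the format quoted in this thread and compares the networks each gateway offers with the networks its peer expects, which is the /24 versus /16 mismatch the poster reports fixing. It assumes the VR offers the whole VPC CIDR as its local network (what the fix implies) and that several networks would be comma-separated; the function names and the peer-side values are illustrative.

```python
import ipaddress
import re

# Constructed sample: VR syslog lines in the format quoted in the thread, with
# mail line-wrapping undone. client_public_ip is the thread's own placeholder.
VR_LOG = """\
Mar  3 20:59:23 r-171-VM cloud: ipsectunnel.sh: done ipsec tunnel entry for right peer=client_public_ip  right networks=192.168.0.0/24
Mar  3 20:59:27 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: fail to connect to remote, status code: 11
Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: removing configuration for ipsec tunnel to client_public_ip
"""

ENTRY_RE = re.compile(
    r"ipsectunnel\.sh: done ipsec tunnel entry for right peer=(\S+)\s+right networks=(\S+)"
)
FAIL_RE = re.compile(r"ipsectunnel\.sh: fail to connect to remote, status code: (\d+)")


def parse_vr_log(text):
    """Return one dict per tunnel attempt: peer, remote networks, failure code or None."""
    attempts = []
    for line in text.splitlines():
        entry = ENTRY_RE.search(line)
        if entry:
            attempts.append({
                "peer": entry.group(1),
                # Assumption: multiple remote networks are comma-separated.
                "right_nets": entry.group(2).split(","),
                "status_code": None,
            })
            continue
        failure = FAIL_RE.search(line)
        if failure and attempts:
            attempts[-1]["status_code"] = int(failure.group(1))
    return attempts


def compare_selectors(offered, expected):
    """Classify the networks one gateway offers against what its peer expects."""
    offered = {ipaddress.ip_network(c) for c in offered}
    expected = {ipaddress.ip_network(c) for c in expected}
    if offered == expected:
        return "match"
    if all(any(e.subnet_of(o) for o in offered) for e in expected):
        return "expected-is-narrower"
    if all(any(o.subnet_of(e) for e in expected) for o in offered):
        return "expected-is-wider"
    return "mismatch"


def diagnose(vpc_cidr, attempt, peer_local, peer_remote):
    """List selector mismatches between the VR side and the remote gateway."""
    findings = []
    # Assumption taken from the fix reported in the thread: the VR offers the
    # whole VPC CIDR as its local network, not the CIDR of a single tier.
    cloud_side = compare_selectors([vpc_cidr], peer_remote)
    if cloud_side != "match":
        findings.append(
            f"VR offers {vpc_cidr}, peer expects {','.join(peer_remote)}: {cloud_side}"
        )
    peer_side = compare_selectors(peer_local, attempt["right_nets"])
    if peer_side != "match":
        findings.append(
            f"peer offers {','.join(peer_local)}, "
            f"VR expects {','.join(attempt['right_nets'])}: {peer_side}"
        )
    return findings


if __name__ == "__main__":
    attempt = parse_vr_log(VR_LOG)[0]
    print("attempt:", attempt)
    # Peer configured with the tier CIDR (constructed from the thread's description).
    print("before:", diagnose("10.99.0.0/16", attempt, ["192.168.0.0/24"], ["10.99.1.0/24"]))
    # Peer configured with the VPC CIDR, as in the reported fix.
    print("after: ", diagnose("10.99.0.0/16", attempt, ["192.168.0.0/24"], ["10.99.0.0/16"]))
```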



Re: CS 4.2.1 VPN connection failed

Posted by Geoff Higginbottom <ge...@shapeblue.com>.
Celso,

You should be able to create new ACL lists and also change which one is applied to the Tier.

For the VPN return traffic you need to ensure that you have an ACL rule allowing the traffic.

You could simply add an allow all rule for the CIDR of the remote network in the appropriate ACL List.

Regards

Geoff Higginbottom
CTO / Cloud Architect


Re: CS 4.2.1 VPN connection failed

Posted by motty cruz <mo...@gmail.com>.
Thanks for your reply Geoff,

in CS
Network - VPC - vpc1 - Router - Network ACL Lists

I see two, default_allow and default_deny; I am unable to change or remove
these ACLs

Thanks,
Celso



Re: CS 4.2.1 VPN connection failed

Posted by Geoff Higginbottom <ge...@shapeblue.com>.
Do you have a default allow or default deny on the VPC Tier?

Regards

Geoff Higginbottom
CTO / Cloud Architect


Re: CS 4.2.1 VPN connection failed

Posted by motty cruz <mo...@gmail.com>.
Hi Geoff,

the CIDR of the remote network is 192.168.0.0/24

IKE policy : 3des-md5
ESP policy 3des-md5
IKE lifetime : 86400
ESP lifetime 3600
dead peer detection yes
state Error

Status: Resource[Site2SiteVpnConnection:31]is unreachable: Failed to apply site-to-site VPN

That is the error I'm getting,

In /var/log/message :
Mar  3 20:59:23 r-171-VM cloud: ipsectunnel.sh: done ipsec tunnel entry for right peer=client_public_ip  right networks=192.168.0.0/24
Mar  3 20:59:23 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar  3 20:59:24 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar  3 20:59:25 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar  3 20:59:26 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar  3 20:59:27 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: fail to connect to remote, status code: 11
Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: would stop site-to-site VPN connection
Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: removing configuration for ipsec tunnel to client_public_ip




Re: CS 4.2.1 VPN connection failed

Posted by Geoff Higginbottom <ge...@shapeblue.com>.
Motty,

What is the CIDR of the remote network?

Regards

Geoff Higginbottom
CTO / Cloud Architect
